CVE-2023-54285 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write CWE-190 — Integer Overflow or Wraparound6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 98.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: iomap: Fix possible overflow condition in iomap_write_delalloc_scan folio_next_index() returns an unsigned long value which left shifted by PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead use folio_pos(folio) + folio_size(folio), which does this correctly.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDlinux/linux_kernel6.1.92 — 6.1.162+1

▶Debianlinux/linux_kernel< 6.1.162-1+2

▶CVEListV5linux/linux38be53c3fd7f4f4bd5de319a323d72f9f6beb16d — 0c6cf409093f307ee05114f834516730c0da5b21+3

▶debiandebian/linux< linux 6.1.162-1 (bookworm)

▶debiandebian/linux-6.1< linux 6.1.162-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-wfvh-f2f6-f56w: In the Linux kernel, the following vulnerability has been resolved: iomap: Fix possible overflow condition in iomap_write_delalloc_scan folio_next_i↗2025-12-30

▶

OSV

CVE-2023-54285: In the Linux kernel, the following vulnerability has been resolved: iomap: Fix possible overflow condition in iomap_write_delalloc_scan folio_next_ind↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: iomap: Fix possible overflow condition in iomap_write_delalloc_scan↗2025-12-30

▶

Debian

CVE-2023-54285: linux - In the Linux kernel, the following vulnerability has been resolved: iomap: Fix ...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54285 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶